You can extend the
capabilities of WebSphere® Application Server by plugging
in your own authorization provider. You
can use
the built-in authorization or an external JACC authorization provider.You can use the built-in authorization, a System Authorization
Facility (SAF) authorization, or an external JACC authorization provider.
About this task
For an explanation
of the administrative console panels that support
these capabilities, see:
Procedure
- Use
the built-in authorization provider. It is recommended
that you do not modify any settings on the authorization provider
panels if
you use the Built-in authorization option. For more information,
see External authorization provider settings.
- Use an external authorization provider. If
you use the External
authorization using a JACC provider option, the external providers
must
be based on the Java Authorization Contract for
Containers (JACC) specification
to handle the Java Platform, Enterprise Edition
(Java EE)
authorization. By default, WebSphere Application Server
enables you to configure
the Tivoli® Access
Manager Java Authorization Contract for
Containers (JACC) provider
as the default external JACC provider. For more information, see External Java Authorization Contract for Containers provider settings and Tivoli Access Manager JACC provider settings.
- Use a System Authorization Facility
(SAF). Use the System Authorization Facility (SAF) authorization option
to specify that SAF EJBROLE profiles be used for user-to-role authorization
for both Java Platform, Enterprise Edition
(Java EE)
applications and the role-based authorization requests (naming and
administration)
that are associated with application server runtime. This option is
available
only when your environment contains z/OS® nodes.
For more information, see External authorization provider settings and z/OS System Authorization Facility authorization.